OpenID Integration
- 23 Jun 2021
This documentation version is deprecated, please click here for the latest version.
Overview
OpenID Connect (OIDC) is an open standard and decentralized authentication protocol. Users create accounts by selecting an OpenID identity provider and then use those accounts to sign on to any website which accepts OpenID authentication.
Warning
Successful implementation rests heavily on experienced client-side technical resources. Decisions' Support Team can help, but may not be able to answer questions or solve issues specific to the organization.
Basic Configuration:
Warning
Users cannot set up AD Sync simultaneously with Single Sign-On (via SAML and OpenID Modules). Doing so will result in an error that requires users to reset their sign-on setup.
Prerequisites:
- OpenID account
- Access to an OpenID API
- Installation of the OpenID module in Decisions. To learn more about how to install a module, see Installing Modules in Decisions.
Accounts created before the OpenID module was installed will need to be updated before they can use single sign-on. Please contact Decisions Support for instructions on updating the account.
- Navigate to System > Settings. Right-click on OpenID Settings and select Edit.
- On the Edit Open Id Settings window, select the Enabled checkbox. Add a new identity provider in the Identity Providers section by clicking Add New.
- Enter an appropriate name in the IdP Name field. The Client ID, Client Secret, and Discovery URL (Authority) fields can be obtained from an Identity Provider. The Discovery URL (Authority) usually ends with ".well-known/openid-configuration". After configuring all the appropriate fields, click OK.
Be sure the information being inputted is correct. Many Identity Providers have an allowed list of redirect URIs. It may be necessary to add "http:///decisions/Login.aspx" to this list. The required information may change between different Identity Providers.
- Click the dropdown list under Primary Identity Provider and select the Identity Provider created. Click SAVE to save changes.
When debug logging is enabled, requests and responses will be located at C:/Program Files/Decisions/Decisions Server/Logs/OpenID.
- Open the Settings.xml file by navigating to C:\Program Files\Decisions\Decisions Services Manager.
- Use the search tool to locate EnableSingleSignOn and change the value to true. Save the file and restart the Service Host Manager.
If there is an active session, it might be logged in with a non-OpenID account. Log out or start a fresh session, and the browser should be redirected to the identity provider. Once the identity provider has accepted the credentials, it will redirect back to Decisions and log the user in with the OpenID account.
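A pre-flight check for the values entered in the steps above, added here as an example (it is not Decisions code): it validates a Discovery URL against the parsed discovery document and checks the redirect URI against the IdP allow list. The function names, the sample hostnames and the exact-string allow-list comparison are assumptions.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Fields that OpenID Connect Discovery 1.0 marks as REQUIRED provider metadata.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")


def check_discovery(discovery_url, metadata):
    """Return a list of problems with a Discovery URL and its parsed JSON document."""
    problems = []
    if urlsplit(discovery_url).scheme != "https":
        problems.append("discovery URL is not https")
    has_suffix = discovery_url.endswith(WELL_KNOWN)
    if not has_suffix:
        problems.append("discovery URL does not end with " + WELL_KNOWN)
    problems += ["missing " + key for key in REQUIRED if key not in metadata]
    # The issuer in the document must be the discovery URL minus the well-known
    # suffix; a mismatch means the document describes a different authority.
    expected = discovery_url[:-len(WELL_KNOWN)] if has_suffix else discovery_url
    if metadata.get("issuer", "").rstrip("/") != expected:
        problems.append("issuer does not match discovery URL")
    # Every endpoint the client will call or redirect to should be https.
    for key, value in metadata.items():
        if key.endswith(("_endpoint", "_uri")) and urlsplit(str(value)).scheme != "https":
            problems.append(key + " is not https")
    return problems


def check_redirect_uri(redirect_uri, idp_allowed):
    """Return problems with the Decisions redirect URI versus the IdP allow list."""
    problems = []
    if redirect_uri not in idp_allowed:  # exact string comparison (assumption)
        problems.append("redirect URI is not on the IdP allow list")
    if urlsplit(redirect_uri).scheme != "https":
        problems.append("redirect URI is not https")
    return problems


# Constructed sample data: hostnames below are placeholders, not real values.
GOOD_URL = "https://idp.example.test/tenant1/.well-known/openid-configuration"
GOOD_DOC = {
    "issuer": "https://idp.example.test/tenant1",
    "authorization_endpoint": "https://idp.example.test/tenant1/authorize",
    "token_endpoint": "https://idp.example.test/tenant1/token",
    "jwks_uri": "https://idp.example.test/tenant1/keys",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
```

An empty list from both functions means the entered values are consistent; the document itself would be fetched from the Discovery URL and parsed with `json.loads` before being passed in.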